PolarSSL Weak Signature Algorithm Negotiation

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote TLS server signs its handshake with a weaker hash algorithm than the client offered.

Description :

PolarSSL 1.3.8 does not properly negotiate the signature algorithm to
use in TLS 1.2: instead of honouring the client's order of preference,
the server can end up signing its ServerKeyExchange with the weakest hash
the client lists. A network attacker can exploit this to downgrade the
handshake signature to MD5 (CVE-2014-8627).

This plugin sends a ClientHello whose signature_algorithms extension
lists the hash algorithms SHA512, SHA384, SHA256, SHA224, SHA1 and MD5
in descending order of strength, and reports the host as vulnerable if
the server selects MD5 even though every stronger option was offered. A
server that negotiates correctly picks SHA512, or the strongest hash it
supports.
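The check described above, as an added example that is neither the Tenable plugin's code nor PolarSSL code: a Python script that builds a TLS 1.2 ClientHello whose signature_algorithms extension offers RSA paired with SHA512 down to MD5, collects the server's handshake flight, and reports the hash the server actually used to sign ServerKeyExchange. The cipher-suite list (ECDHE-RSA and DHE-RSA suites, so that the server must sign), the dummy P-256 point and the entire offline sample flight are constructed for the demo; run it with a hostname to probe a live server.

```python
"""Probe for the CVE-2014-8627 behaviour: offer RSA signatures with every TLS 1.2
hash, strongest first, then read back which hash the server signed with.
Added example, not Tenable's plugin code; the offline demo uses a constructed flight."""
import os
import socket
import struct
import sys

# HashAlgorithm / SignatureAlgorithm codes, RFC 5246 section 7.4.1.4.1
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
MD5, SIG_RSA = 1, 1
HASH_PREFERENCE = [6, 5, 4, 3, 2, 1]   # SHA512, SHA384, SHA256, SHA224, SHA1, MD5: the plugin's order
# Suites whose ServerKeyExchange carries an RSA signature (IANA values)
ECDHE_RSA_SUITES = [0xC030, 0xC02F, 0xC014, 0xC013]
DHE_RSA_SUITES = [0x009F, 0x009E, 0x0039, 0x0033]
SERVER_HELLO, SERVER_KEY_EXCHANGE, SERVER_HELLO_DONE = 2, 12, 14


def handshake_msg(mtype, body):
    """Handshake header: type(1) + length(3) + body."""
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body


def signature_algorithms_ext():
    """signature_algorithms extension (type 13): RSA with each hash, strongest first."""
    pairs = b"".join(bytes([h, SIG_RSA]) for h in HASH_PREFERENCE)
    body = struct.pack("!H", len(pairs)) + pairs
    return struct.pack("!HH", 0x000D, len(body)) + body


def build_client_hello(random_bytes=None):
    """TLS 1.2 ClientHello inside a handshake record (content type 0x16)."""
    rnd = os.urandom(32) if random_bytes is None else random_bytes
    suites = b"".join(struct.pack("!H", s) for s in ECDHE_RSA_SUITES + DHE_RSA_SUITES)
    exts = signature_algorithms_ext()
    hello = (b"\x03\x03" + rnd + b"\x00"             # version, random, empty session id
             + struct.pack("!H", len(suites)) + suites
             + b"\x01\x00"                             # null compression only
             + struct.pack("!H", len(exts)) + exts)
    hs = handshake_msg(1, hello)
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs


def split_handshake(data):
    """Yield (type, body) for each complete handshake message in data."""
    pos = 0
    while pos + 4 <= len(data):
        length = int.from_bytes(data[pos + 1:pos + 4], "big")
        body = data[pos + 4:pos + 4 + length]
        if len(body) < length:
            return                                     # truncated message: stop
        yield data[pos], body
        pos += 4 + length


def negotiated_signature(handshake):
    """Return the (hash, signature) names the server used in ServerKeyExchange,
    or None when no signed ServerKeyExchange was sent (e.g. static-RSA suite)."""
    suite = ske = None
    for mtype, body in split_handshake(handshake):
        if mtype == SERVER_HELLO:
            sid_len = body[34]                         # after version(2)+random(32)
            (suite,) = struct.unpack("!H", body[35 + sid_len:37 + sid_len])
        elif mtype == SERVER_KEY_EXCHANGE:
            ske = body
    if suite is None or ske is None:
        return None
    if suite in ECDHE_RSA_SUITES:
        pos = 4 + ske[3]                  # curve_type(1), named_curve(2), point<1..255>
    elif suite in DHE_RSA_SUITES:
        pos = 0
        for _ in range(3):                # dh_p, dh_g, dh_Ys, each opaque<1..2^16-1>
            pos += 2 + struct.unpack("!H", ske[pos:pos + 2])[0]
    else:
        return None
    return HASH_NAMES.get(ske[pos], "?"), SIG_NAMES.get(ske[pos + 1], "?")


def is_weak_negotiation(result):
    """The plugin's verdict: MD5 chosen although stronger hashes were offered."""
    return result is not None and result[0] == "md5"


def example_flight(hash_id):
    """Constructed server flight (not a capture): ServerHello picking 0xC02F,
    ServerKeyExchange with a dummy P-256 point and dummy signature, ServerHelloDone."""
    hello = b"\x03\x03" + b"\x11" * 32 + b"\x00" + b"\xc0\x2f" + b"\x00"
    ske = b"\x03\x00\x17\x41\x04" + b"\x22" * 64 + bytes([hash_id, SIG_RSA]) + b"\x00\x04" + b"\xaa" * 4
    return (handshake_msg(SERVER_HELLO, hello) + handshake_msg(SERVER_KEY_EXCHANGE, ske)
            + handshake_msg(SERVER_HELLO_DONE, b""))


def probe(host, port=443, timeout=5.0):
    """Live check: send the ClientHello, read handshake records until ServerHelloDone
    (or an alert / close), then inspect the result."""
    handshake = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        while True:
            hdr = s.recv(5, socket.MSG_WAITALL)        # 5-byte record header
            if len(hdr) < 5 or hdr[0] != 0x16:
                break
            handshake += s.recv(struct.unpack("!H", hdr[3:5])[0], socket.MSG_WAITALL)
            if any(t == SERVER_HELLO_DONE for t, _ in split_handshake(handshake)):
                break
    return negotiated_signature(handshake)


if __name__ == "__main__":
    res = probe(sys.argv[1]) if len(sys.argv) > 1 else negotiated_signature(example_flight(MD5))
    print("ServerKeyExchange signed with", res, "-> WEAK" if is_weak_negotiation(res) else "-> ok")
```

Without arguments the script parses the constructed flight and prints the MD5 verdict; with a hostname it performs one handshake exchange. The verdict is only meaningful when the server chose an ECDHE-RSA or DHE-RSA suite, which is why the ClientHello offers nothing else; a server that answers with a static-RSA suite sends no signed ServerKeyExchange and the function returns None rather than a false negative.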

Solution :

Upgrade to PolarSSL 1.3.9 or later, which corrects the signature
algorithm negotiation. Only release 1.3.8 is affected.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true

Family: General

Nessus Plugin ID: 80399

Bugtraq ID: 70902

CVE ID: CVE-2014-8627
